Dan Voss, Sales Director UK & I, Obrela, discusses how cyber-incidents can halt production and disrupt supply chains, making resilience a boardroom priority.
Obrela’s latest Digital Universe Report reveals a convergence of IT and OT systems, rising automation and deeply interconnected supply chains, creating an environment where a single compromise can halt production, corrupt data and affect global logistics.
This risk is real. For example, earlier this year, Jaguar Land Rover had to suspend operations across multiple plants after a major cyber-incident.
The disruption lasted weeks, impacted thousands of suppliers and is estimated to have cost the economy £1.9 billion.
It’s a stark reminder that cyber-resilience is now a board-level manufacturing concern.
The report highlights that 29% of manufacturing-related incidents were a result of suspicious internal activity, including insider misuse and adversaries using stolen credentials to move laterally.
This shows that identity is now the perimeter: compromised user credentials can inflict more damage than an external exploit.
This is especially true in OT environments where legacy systems and safety constraints often limit patching and monitoring.
Attacks tailored to manufacturing processes accounted for 24% of incidents and specifically targeted control systems, industrial configurations and automated workflows.
These threats are carefully orchestrated and designed to remain undetected, while causing maximum disruption.
Malware is still an issue, representing 17% of incidents.
However, it’s evolving. While remote-access tools, credential stealers and fileless techniques are still being used, they are increasingly focused on persistence and espionage, not just extortion.
Advanced threat actors such as Lazarus Group, APT33 and UNC3944 are actively targeting the manufacturing sector.
Their operations mix geopolitical and financial motives, targeting smart production environments, legacy ICS components and global supply chains.
And an attack on one supplier can quickly cascade into systemic disruption.
Many vulnerabilities are not flaws in the technology; they are a direct result of the industry’s progress.
This is a challenge for manufacturing leaders.
Factories that were once running with isolated, proprietary machinery are now highly connected ecosystems, exchanging real-time data with ERP systems, logistics platforms and suppliers.
Each new connection may boost efficiency, but it also expands the attack surface.
Traditional perimeter defences cannot protect what is now a living, breathing (and expanding) network of devices, sensors and human operators.
A single malware intrusion can halt an assembly line, so cybersecurity has to evolve from a compliance checkbox to an essential part of operational resilience.
Obrela data shows that average detection and response times are min based on advanced MDR services and human intelligence.
The rise in internal credential misuse, whether through error, coercion or compromise, demonstrates a shift in threat dynamics and highlights the importance of identity.
A compromised engineer’s credentials, for example, have the potential to trigger cascading failures across production systems. Addressing this requires a cultural shift.
Cybersecurity must be embedded in every layer of operational governance, not siloed within IT.
Cybersecurity controls should be treated as production safeguards that are every bit as critical as physical safety protocols.
The most resilient organisations will be those that embrace attack visibility as a core competency.
Spotting a deviation in system behaviour, a misconfigured PLC, an unexpected outbound connection or a subtle process anomaly, for example, can avert a crisis.
Today’s adversaries are no longer just attacking for ransom; they attack to gain influence.
This often means attacking silently and waiting.
Industrial leaders need to recognise that you cannot defend what you cannot see and you cannot recover from what you do not understand.
Cybersecurity is not about building bigger walls around the factory; it’s about ensuring every component within it knows when it has been touched.